U.S. authorities say they have seized a cloud computing account tied to Huione Group subsidiaries, in a move meant to disrupt a sprawling laundering network allegedly used to move billions in crypto fraud proceeds.
- Cloud account seized: the DOJ targeted backend infrastructure used by Huione subsidiaries
- Billions alleged: FinCEN says Huione laundered at least $4 billion
- Operation Riptide: the seizure is part of a broader FBI-led crackdown
- Not just wallets: law enforcement is going after the plumbing behind the scams
The U.S. Department of Justice says the seized account was used by Huione Group subsidiaries, including Huione Guarantee, also known as Haowang Guarantee. The government says this backend infrastructure helped power money-laundering services tied to crypto investment fraud, cyber scams, and other criminal activity.
That distinction matters. A cloud account is not a wallet address, and a seizure is not a courtroom verdict on every transfer that ever touched the network. But in modern crypto crime, the hidden machinery matters just as much as the flashy frontend. If you want to slow down the scam economy, you do not just chase the money after it moves. You cut into the systems that help it move in the first place.
Backend infrastructure is the unglamorous stuff: cloud hosting, databases, routing, storage, and other technical plumbing that users never see. Criminal operators love this layer because it lets them run services that look, at least from the outside, a lot like normal platforms. Same interface, different morals. A polished scam is still a scam.
The DOJ says the seized account was part of a system that allowed billions in fraud proceeds to be transferred, moved, and concealed. FinCEN, the Treasury unit that handles financial-crimes enforcement, puts a harder number on Huione’s alleged laundering: at least $4 billion in illicit proceeds between August 2021 and January 2025.
Those figures are related, but they are not the same thing. The DOJ language refers to alleged fraud proceeds moving through Huione-linked infrastructure. FinCEN’s figure is its estimate of illicit proceeds laundered. Neither should be stretched into a claim that Huione directly stole that amount from victims, because that is not what the numbers measure.
FinCEN also said the laundering included at least $37 million from CVC stemming from DPRK cyber heists, at least $36 million from CVC investment scams, and $300 million from other cyber scams. CVC means convertible virtual currency, basically crypto used as a value-transfer medium.
The timing is part of the story too. This action does not stand alone. FinCEN previously moved against Huione Group with a final rule in October aimed at severing the company from the U.S. financial system. Treasury has also issued a notice of proposed rulemaking to amend that action and include H-Pay Service PLC among other changes. In plain terms: Washington is not tapping Huione on the shoulder. It is trying to push the whole structure out of the U.S. financial perimeter.
The DOJ says the seizure is part of Operation Riptide, an FBI-led effort targeting the infrastructure, money networks, and criminal actors behind cybercrime and fraud. That is the right instinct. In a lot of crypto enforcement cases, going after a single wallet or a single operator is useful, but it leaves the pipes intact. Cut the pipes, and the whole racket gets more expensive and more fragile.
Huione Guarantee allegedly operated Telegram channels that discussed stolen credit card and identity information, malware-enabled theft proceeds, human trafficking-related services, and laundering the proceeds of romance scams and investment scams. It also provided escrow services. Escrow is normally a neutral holding mechanism used to reduce fraud in legitimate transactions. Here, the allegation is that it was used to grease the wheels of criminal deals.
That is the ugly genius of these networks: they often mimic legitimate marketplaces, escrow platforms, and support flows while running criminal commerce underneath. Fraudsters borrow the language of trust and convenience, then use it to move stolen money and keep victims trapped in the churn. The tech may look clean. The business model is filth.
Independent investigative work adds more context. The International Consortium of Investigative Journalists reported that Huione-linked crypto flows reached customer accounts at Binance and OKX. According to ICIJ, customer accounts at Binance received at least $408 million in tether from Huione over a little more than a year, while OKX customer accounts received at least $226 million in tether over five months.
That does not prove those exchanges were complicit in the underlying criminal conduct. It does show how suspicious or illicit flows can pass through major venues if controls fail or if the bad actors are skilled at blending in. Crypto critics love to pretend the problem is unique to blockchain. It is not. The real problem is criminals abusing whatever payment system is available. Crypto just makes the movement faster, broader, and sometimes easier to obscure, until investigators start tracing the chain.
And the chain does remember. The DOJ says information from Chainalysis, Elliptic, and Google’s CyberCrime Investigation Team helped support the case. That is a reminder that blockchain is not magic invisibility juice. It is often pseudonymous, not anonymous, and those are very different things once investigators start connecting addresses, services, and counterparties.
The scale of the victim pool is also getting harder to ignore. The DOJ cites over $7.2 billion in losses reported to the FBI’s Internet Crime Complaint Center in 2025 due to cryptocurrency investment fraud alone. That number reflects reported losses, not verified laundering volume or recovered funds, but it still shows how massive the fraud problem has become.
Huione, according to FinCEN, is not some lone bad actor floating in a vacuum. It is described as a Cambodia-based network with multiple businesses, including Huione Pay PLC, Huione Crypto, and Huione Guarantee. FinCEN calls it a primary money-laundering concern under Section 311 of the USA PATRIOT Act, a designation that can effectively cut a foreign entity off from the U.S. financial system by restricting correspondent and payable-through accounts.
That broader picture matters because the scam economy is increasingly industrialized. Scam compounds in Southeast Asia, identity theft, romance fraud, fake investment dashboards, and laundering services now form an ugly cross-border supply chain. The ICIJ has also said that as many as 300, 000 people are estimated to be working in scam compounds across Southeast Asia. Huione, in that framing, is not the whole machine. It is a major node in it.
Still, nobody should confuse a seizure of one cloud account with a total shutdown. Criminals are adaptive little parasites. They switch providers, shift jurisdictions, and spin up new infrastructure when the heat gets too high. Enforcement can raise the cost of doing business and knock operations off balance, but it rarely delivers a clean kill shot. The cat-and-mouse game just gets nastier.
Key questions and takeaways
-
What did the DOJ actually seize?
The DOJ says it seized a cloud computing account used by Huione subsidiaries. Authorities say that account hosted backend infrastructure for money-laundering services tied to crypto fraud and cyber scams. -
How big is the alleged laundering operation?
FinCEN says Huione Group laundered at least $4 billion in illicit proceeds between August 2021 and January 2025. The DOJ says the seized infrastructure helped move and conceal billions in fraud proceeds. -
Is this just about bitcoin?
No. The allegations cover broader crypto rails, including convertible virtual currency flows and tether transfers. Bitcoin may be part of the wider fraud ecosystem, but it is not the centerpiece here. -
Why target infrastructure instead of just wallets?
Because scams and laundering networks need hosting, accounts, platforms, and routing systems to operate at scale. Taking out that plumbing can disrupt more than one wallet address ever will. -
Do these actions stop fraud completely?
No. They can disrupt operations, raise costs, and force criminals to adapt, but these networks usually migrate rather than disappear. Enforcement is pressure, not a magic eraser. -
Does a transfer through an exchange prove criminal guilt?
No. Tracing data can show suspicious flows and connections, but each transfer still needs to be interpreted carefully. Reported flows, alleged laundering, and criminal convictions are not the same thing.
The lesson here is simple enough: crypto’s open rails are powerful, but they are also easy to abuse when the middlemen turn rotten. The right answer is not denial, and it is not hand-waving about “innovation” while criminals vacuum up victims. It is better enforcement, better controls, and a lot less tolerance for the shady infrastructure that helps fraud scale.
Huione looks like one of those middlemen. Not the whole scam universe, but a serious one. In crypto, the bad guys do not just use the rails. Sometimes they help run the station.
Further reading
A few useful follow-ups on the Huione crackdown and the regulatory pressure building around it.
